Asio building in Canberra. The agency in the report is unnamed but the inspector general has oversight of the Asio, Australian Signals Directorate (ASD), Australian Secret Intelligence Service (Asis), Defence Intelligence Organisation and Office of National Assessments.
Photograph: Lukas Coch/AAP

An unnamed Australian intelligence agency had “serious gaps” in record-keeping that impeded the investigation of serious allegations from a whistleblower.

The report notes that an individual “who had previously had a close working relationship” with one of Australia’s intelligence agencies raised concerns about misconduct with the inspector general under the disclosure scheme.

Under the Public Interest Disclosure Act, intelligence whistleblowers are permitted in some limited circumstances to raise concerns with the inspector general where there are serious concerns over the agency’s conduct. Public disclosure of such allegations is not permitted for intelligence matters.

The annual report said: “After a lengthy investigation which was conducted under the Igis Act, the Igis found there were serious gaps in the record-keeping of the relevant agency which impeded the Igis investigation.

“Some of the discloser’s concerns were serious and Igis considered that better systems should have been in place to ensure these were detected and addressed earlier.”

The report refers to concerns over additional payments and entitlements, suggesting the allegations related to expenditure issues, but it is not clear what the nature of the dispute was.

The inspector general concluded: “At the conclusion of the investigation the agency concerned agreed that valuable lessons had been learnt.”

The agency is not named in the annual report, but the inspector general oversees the Australian Security Intelligence Organisation (Asio), Australian Signals Directorate (ASD), Australian Secret Intelligence Service (Asis), Defence Intelligence Organisation and Office of National Assessments.

The Asio annual report notes that the agency received disclosures that were investigated. But it said that these investigations found “no findings of maladministration, wastage of public money or abuse of public trust, but cases did produce recommendations aimed at improving organisational communication, effectiveness and overall accountability”.

Asis does not file annual reports, and the ASD’s annual report is part of the defence department’s broader report, which has not yet been published.

In another case, an “anonymous discloser” complained about the release of sensitive information to the media. This disclosure was made internally to one of Australia’s intelligence agencies. But the inspector general wrote that “investigation of this concern revealed that this was an authorised rather than an unauthorised disclosure, and that no further action was warranted”.

The annual report referred to Asio’s destruction of records from information gathered from surveillance and intelligence activities. In 2014 it was revealed that it appeared Asio had never destroyed any phone or web data collected on Australians.

The inspector general began investigating, and noted in the most recent report: “There was no evidence that Asio has actually destroyed any electronic records that are eligible for destruction.”

It continued: “Asio advised that the electronic files created in the current version of their case management system have not yet reached the full term of the disposal category assigned. Igis will continue to monitor whether electronic records that are eligible for destruction are appropriately destroyed.”

The report also made some observations about Asio’s investigation of “issues-motivated groups” who engaged in protests. The inspector general conducted an inspection into some Asio records relating to these groups and found overall investigations were reasonable and justified.

But it noted that in a small number of cases “broad statements were made about a person’s ‘history’ of involvement in activities of security concern or ‘support for the use of violent protest’.”

It continued: “It is best practice to clearly articulate what is actually known or suspected about the person’s activities, rather than making general statements that could potentially suggest a stronger justification for investigative activities. The project also identified inconsistencies in record-keeping and documentation of reasons for requests to access certain information and in the descriptors used in some of Asio’s electronic records.”